Wordfence Research and News

Blog icon
Category: WordPress Security
featured image of icicles on black background with the text Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year.

Eleven Vulnerabilities Patched in Royal Elementor Addons

On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations.

PSA: YITH WooCommerce Gift Cards Premium Plugin Exploited in the Wild

The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor.
Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server.
Featured images showing hackers whimsically stealing things from a monitor

How Much is Your Hacked Site Worth?

The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services.

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community.
Spikes in Attacks Serve as a Reminder to Update Plugins

Spikes in Attacks Serve as a Reminder to Update Plugins

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect.

Missing Authorization Vulnerability in Blog2Social Plugin

On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks.
Patch Now The WordPress 6.0.3 Security Update Contains Important Fixes

Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes

The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit.

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.